Detections
Analytics

CVE-2006-4978

critical

Description

Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI.

References

https://www.exploit-db.com/exploits/2376

https://exchange.xforce.ibmcloud.com/vulnerabilities/28993

http://www.vupen.com/english/advisories/2006/3693

http://www.securityfocus.com/bid/20065

http://www.securityfocus.com/archive/1/446315/100/0/threaded

http://securityreason.com/securityalert/1627

http://secunia.com/advisories/22015

Details

Source: Mitre, NVD

Published: 2006-09-25

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01533